Hackers Steal Login Details via Fake Microsoft ADFS login pages

A help desk phishing campaign used fake login pages to target a company's Microsoft Active Directory Federation Services (ADFS), stealing credentials and bypassing multi-factor authentication (MFA) protections.

The campaign hit healthcare, government, and education organizations, targeting around 150 victims, according to Abnormal Security. The attackers aim to gain access to corporate mail accounts, which they use to send emails to more victims inside a company or to launch financially motivated campaigns such as business email compromise (BEC), where the money is sent directly to the attackers' accounts.

Fake Microsoft ADFS login pages 

Microsoft's ADFS is an authentication mechanism that lets users log in once and access multiple apps and services, sparing them the trouble of entering credentials repeatedly.

ADFS is generally used by large businesses, as it offers single sign-on (SSO) for internal and cloud-based apps. 

The threat actors send victims emails that spoof their company's IT team, asking them to sign in to update their security configurations or accept the latest policies.

How victims are trapped

When victims click the embedded button, it takes them to a phishing site that looks the same as their company's authentic ADFS sign-in page. The fake page then asks the victim to enter their username, password, and MFA code, and baits them into allowing

[…]
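
As a defensive illustration of the lure described above (an added example, not part of the original article): a mail-filter check that flags links pointing at an ADFS-style sign-in URL on any host other than the organization's own federation server. The trusted host `sts.example.com`, the `sts` hostname heuristic, the lure word list and the sample mail are assumptions made for this sketch.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: placeholder for the organization's real federation host(s).
TRUSTED_ADFS_HOSTS = {"sts.example.com"}
LURE_WORDS = ("sign in", "log in", "security", "policy", "policies")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def suspicious_links(html_body, trusted=TRUSTED_ADFS_HOSTS):
    """Return (host, reasons) for ADFS-style links that leave the trusted hosts."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        url = urlsplit(href)
        host = (url.hostname or "").lower()
        if url.scheme not in ("http", "https") or host in trusted:
            continue
        reasons = []
        if "/adfs/" in url.path.lower():  # AD FS sign-in pages live under /adfs/ls/
            reasons.append("ADFS path on untrusted host")
        if "adfs" in host or "sts" in host.split("."):  # naming heuristic (assumption)
            reasons.append("federation-style hostname")
        if reasons and any(w in text.lower() for w in LURE_WORDS):
            reasons.append("sign-in lure text")  # context only, never flags alone
        if reasons:
            findings.append((host, reasons))
    return findings

# Constructed sample mail body; all hosts are placeholders.
SAMPLE_MAIL = """<p>IT Help Desk: please accept the latest policies.</p>
<a href="https://sts.example.com.portal-update.test/adfs/ls/?id=1">Sign in to update</a>
<a href="https://sts.example.com/adfs/ls/">Company portal</a>
<a href="https://intranet.example.com/news">Security news</a>"""
```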

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents